========================================================================== Ubuntu Security Notice USN-3877-1 January 31, 2019 libvncserver vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in LibVNCServer. Software Description: - libvncserver: vnc server library Details: It was discovered that LibVNCServer incorrectly handled certain operations. A remote attacker able to connect to applications using LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: libvncclient1 0.9.11+dfsg-1.1ubuntu0.1 libvncserver1 0.9.11+dfsg-1.1ubuntu0.1 Ubuntu 18.04 LTS: libvncclient1 0.9.11+dfsg-1ubuntu1.1 libvncserver1 0.9.11+dfsg-1ubuntu1.1 Ubuntu 16.04 LTS: libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.3 libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.3 Ubuntu 14.04 LTS: libvncserver0 0.9.9+dfsg-1ubuntu1.4 After a standard system update you need to restart LibVNCServer applications to make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3877-1 CVE-2018-15126, CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-6307 Package Information: https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1.1ubuntu0.1 https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.1 https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.3 https://launchpad.net/ubuntu/+source/libvncserver/0.9.9+dfsg-1ubuntu1.4